Google Abacus will remove passwords
Google's Project Abacus aims to change the way we secure our devices.
By the end of this year devices will be able to use a new API trust from Google's Abacus project, according to Google ATAP Director, Dan Kaufman.
API will run in the background all the time and its purpose is to remove the various passwords.
It will use a smartphone's various sensors to check the user's current location, the way they type, their voice and even facial recognition. It will thus create an overall "trust score" that will recognise the user in order to unlock their device and give them access to their applications.
"We're initially going to go for testing at some very large financial institutions this summer," Kaufman said. If all goes well, Google plans to launch the new API by the end of the year.
"I think Google is not trustworthy and has a bad track record in terms of launching and then abandoning various projects," said Rob Enderle principal analyst at Enderle Group. "The potential for this to get worse both in terms of individuals and in terms of credit institutions (i.e. lack of trust) is high and will likely be the main barrier to adoption of this API," he added. "Generally speaking, a problem in the API could lock users out of their devices."
See also: Facebook security vulnerability shows your phone
Problems with the API trust
"The problem has always been that a biometric security system - such as fingerprinting or iris scanning - is relatively easy to make mistakes," observed Michael Jude, a principal programming researcher at Frost & Sullivan.
And because it is not completely safe, it needs verification, usually by collecting more data, but the more data that is collected, the more the risk of error increases," he added.
If the biometric system fails, a secondary system - probably with the classic password - must be in place in order to reset the system infrastructure, and this would cause additional complications.
The upside, on the other hand, is that when it works properly, it will provide a faster, safer and more consistent method of accessing secure websites. However, Google's reputation for not being "secure" enough and not listening to the opinion of its partners, as well as the complexity of the method, stand as serious obstacles to the whole effort.
See also: How to protect your personal data on iPhone
Potential privacy problems
Such an API will transfer some personal data and information to the Internet and the Cloud and the question arises: "Do you trust your provider or other third parties with such information?"
Even more, the trust API will be running constantly in the background and this can be an issue. Given that in Android many apps send user data to various servers and often without even informing the users, we can think about what can happen to such confidential information as a user's fingerprint, voice pattern or facial details.
Such an always-on feature would make it easy to track a user (at the very least), not to mention what would happen if a hacker manages to gain access to that data - which is not that difficult.
And on the other hand, the feature would make it easier to track down criminals and terrorists - although they know how to disable such features, so who are we kidding?
And if we recall previous court orders that required a user to unlock their device with their fingerprint, you can imagine what will happen if more biometric information becomes available. Law enforcement authorities will be even more insistent on creating legislation to access it.
"And that's a big problem," Jude said. "Such an approach to security opens a backdoor of enormous proportions to personal and biometric data. All that's left is to see someone build a countermeasure that allows a user to delete the contents of their device with a simple voice command."
There's a book from antiquity that says something about etchings and controlling the world through them, and most people think it's a fairy tale. Let's try not to make it a reality.
See also: Encrypt your data on your Mac using FileVault
from Elichord
